BYOD management in the workplace: Do you need it?
Know how to manage BYOD in your workplace
The first step towards managing your devices is the enrollment process.
Enrollment helps in connecting your devices to work and makes it easy for your users to securely access your organization’s apps and data. This lets you manage your endpoints in an efficient manner by applying strong device management policies on them. It also ensures that only authorized devices are managed in your console.
Enrollment modes
Depending on the device’s ownership, OS platform and management requirements, there are several modes of enrollment. Generally saying, enrollment can be:
- No-authentication enrollment – Require only the server name and no enrollment credentials.
- Email/SMS enrollment – Users must authenticate using the enrollment credentials send to them via email or SMS.
- Self-enrollment – Can enroll with AD credentials or username and password set in the portal.
All the basic methods mentioned above are tedious and time-consuming which makes the enrollment process the most challenging hurdle to clear. Admins staging a bulk of devices have to manually enter the server URL and credentials on each of the devices to get them enrolled. Admin must guide the users through the enrollment steps. A small error in the enrollment process can trigger a lot of changes.
This could be efficiently handled with QR codes which could be scanned for quick enrollment and configuration. QR code enrollment helps to simplify the process of onboarding devices, especially when deploying a large fleet of devices.
QR code enrollment for seamless device deployment
Scanning QR code is the most straight forward method for enrollment. This method is ideal for admins especially those who work in large organizations staging multiple devices. This also works as an efficient device provisioning method for end users who will be enrolling their own devices. Administrators can share a QR code to allow users to self-enroll their devices. As the QR code contains automatic enrollment credentials, it cuts down time for IT admins by eliminating the need to enter/share enrollment credentials.
You could enroll multiple Android devices at once with little to no work from the admin. This enrollment process avoids manual errors with time-saving steps and enables easy provisioning of devices. Users could complete the enrollment process without entering the server name, user name or password merely scanning the QR code. There is no need to generate a new QR code for all enrollments. The same QR code can be used multiple times to push enrollment settings to a variety of endpoints.
Work managed device mode can be configured on Android devices by scanning the QR code during the device set up. All the information that is needed for enrolling the device is contained in the payload of key-value pairs in the QR code. This simplifies the bulk enrollment of work managed and corporate-owned personally enabled devices.
Exploring QR code enrollment options with Hexnode MDM
Hexnode MDM supports QR code provisioning to transfer set up details to enroll a large fleet of Android devices. QR code is becoming a more attainable option as the support from device manufacturers broadens. Here’s is a quick list of the various management sets you can deploy using this setup method:
Work-managed devices
To enroll and provision an Android 7.0+ device as fully managed, IT can scan the QR code displayed on your MDM console. In case of a new device, you just have to boot it up and if the device is already in use go for a factory reset. The user or IT admin taps the initial welcome screen 6 times which triggers him to connect to a network and install the QR code reader to scan the QR code.
On scanning the QR code, the enrollment process is initiated. The set-up wizard automatically installs the Hexnode for Work app already configured with your server URL and other information. No need to download the app from the public app store or enter the server name and enrollment credentials. All done in a simple go merely scanning the QR code. This method is especially useful to provision non-NFC devices as Android Enterprise device owner.
Alternatively, you can use the DPC token method for Android 6.0+ devices. During the initial setup, provide the DPC token as the google account. Providing the DPC controller token automatically installs the Hexnode for work app. For initiating the enrollment process you can scan a QR code instead of manually entering the enrollment credentials. Follow the on-screen instructions to provision the device as a device owner.
Samsung Knox Mobile Enrollment – Device Owner mode
For Samsung KME enrollment while configuring the device owner profile you can optionally generate a QR code. This QR code can be used to enroll Android 10+ devices with this profile during the out-of-the-box gesture enrollment. You can additionally add a Wi-Fi network configuration to the QR code to include security data and proxy traffic gateway information within the generated QR code content. By default, this method is for reseller devices, but you can choose to use this option for your non-reseller devices as well. Samsung recommends avoiding this if you’re concerned about the unauthorized use of the QR code for device enrollment.
Open enrollment for generic Android
BYOD devices
QR code could also be used in Android Enterprise profile owner enrollment enrollment instead of entering the portal name. Download and install Hexnode for Work app, open the app, scan the QR code available in your portal and stick with the on-screen instructions to create the work profile.
Authenticated enrollment for generic Android
In all these scenarios, QR codes can simplify the enrollment process. Especially, when deploying a large fleet of devices, eliminating any of the possible manual steps can be a huge benefit.
Benefits of QR code enrollment – summarized:
- Can enroll corporate-owned Android 7+ devices simple in a go – No need to manually install an app and provide enrollment credentials.
- Enables seamless bulk enrollment – Simplifies the bulk enrollment of Android devices.
- Can skip the authentication step of entering the enrollment credentials send via email for authenticated enrollment – Thereby saves time and monetary cost of sending emails.
- Minimal admin interference required.
- Could minimize the possibilities of enrollment errors.
Though the complete enrollment process couldn’t be automated, QR code enrollment can be a great relief while provisioning your huge fleet of work devices.
Thanks a lot for your feedback, Nell. Hope you’re safe and well!
I’m glad that you enjoyed the read. Follow our site to keep up to date with all our articles. Please feel free to reach out to us for any further questions, comments, or concerns.
Greetings from California! I’m bored to tears at work so I decided to check out your blog on my iphone during lunch break.
I enjoy the information you provide here and can’t wait to take a look when I get home.
I’m amazed at how fast your blog loaded on my phone ..
I’m not even using WIFI, just 3G .. Anyhow, excellent site!